In FineCMS through 2017-07-07, application\core\controller\template.php allows remote PHP code execution by placing the code after "<?php" in a route=template request.
References
Link | Resource |
---|---|
http://www.yuesec.com/img/cccccve/finecms_codeexec/finecmscodeexec_2017_07_06_submit.html | Exploit Mitigation Third Party Advisory |
Configurations
History
No history.
Information
Published : 2017-07-07 11:29
Updated : 2024-02-28 16:04
NVD link : CVE-2017-10968
Mitre link : CVE-2017-10968
CVE.ORG link : CVE-2017-10968
JSON object : View
Products Affected
finecms_project
- finecms
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')